LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   root cannot use passwd command to change NIS password (http://www.linuxquestions.org/questions/linux-server-73/root-cannot-use-passwd-command-to-change-nis-password-913674/)

thelinz 11-15-2011 11:39 AM

root cannot use passwd command to change NIS password
 
As root on the NIS Server machine, trying to change an NIS user's password using the passwd command fails with:
NIS password could not be changed.
passwd: Failed preliminary check by password service

Using the yppasswd command succeeds, but according to the man page, this is deprecated in favor of the regular passwd command.

Logs show the following:
passwd: pam_unix(passwd:chauthtok) : password not changed for user on server
rpc.yppasswdd[3467]: update user (uid=20053) from host <ipaddr> rejected
rpc.yppasswdd[3467]: Invalid password

I can change the password as the user himself, but not as root.
Can anyone help solve this problem?

Thanks,
Moshe

davemguru 11-16-2011 01:05 AM

work around
 
Quote:

Originally Posted by thelinz (Post 4524723)
As root on the NIS Server machine, trying to change an NIS user's password using the passwd command fails with:
NIS password could not be changed.
passwd: Failed preliminary check by password service

Using the yppasswd command succeeds, but according to the man page, this is deprecated in favor of the regular passwd command.

Logs show the following:
passwd: pam_unix(passwd:chauthtok) : password not changed for user on server
rpc.yppasswdd[3467]: update user (uid=20053) from host <ipaddr> rejected
rpc.yppasswdd[3467]: Invalid password

I can change the password as the user himself, but not as root.
Can anyone help solve this problem?

Thanks,
Moshe

I don't know the reason - but, I am guessing it is something in the way in which PAM is configured. But, if you can "change the password as the user himself" - then why not -->
1. su to the user
2. change the password as that user
3. exit back to root.
Maybe I am missing something?

Reuti 11-16-2011 06:18 AM

Shouldn’t passwd detect that it’s a local change anyway. I.e. perform a usual passwd and run make -C /var/yp to rebuild the tables afterwards?

If the user changes his own password: does it say that it was changed at the NIS server?

thelinz 11-16-2011 10:13 AM

dave,
when run as the user, passwd prompts for the user's current password, which the admin does not have. when run as root, current password is not needed. This is also the behaviour we are used to on our Solaris nis server. yppasswd does work however, so that could be a workaround (but it prompts for the root password first).

reuti,
when run as the user, passwd does indeed make the change on the NIS master (thru the yppasswdd daemon). That's why I expect it to work as root also. unfortunately, it does not.

Maybe it has to do with the fact that I do not keep the NIS passwd file in /etc, but in another dir. Also, I am not using shadow passwords for NIS. Everything else is working fine though (make succeeds, login authentication is OK).

Moshe

Reuti 11-16-2011 02:25 PM

But root can’t be authorized via yppasswd hence it’s denied I think. For me passwd on the headnode detects that it’s local and makes direct changes and runs the make command to rebuild the tables. What is in /etc/yp.conf?


All times are GMT -5. The time now is 12:21 AM.